Infosec Technology Transition Council (ITTC)
The U.S. Department of Homeland Security and SRI International have formed a working forum called the Infosec Technology Transition Council (ITTC), where experts and leaders from government, private, financial, IT, venture-capital, academic, and science sectors come together several times each year in the California Bay Area to address a variety of problems related to cybersecurity, such as malware, identity theft, criminal activity on the Internet, and other forms of untrustworthiness.
The primary objective of ITTC is to identify proactive IT security solutions and to assist in the acceleration of their development and deployment into the market place. Seasoned professionals in IT security and law enforcement, together with representatives from academia and science, have strategically aligned themselves with subject-matter experts and organizations to pursue this objective. A key component to the success of the ITTC public-private partnership is its ability to work actively with leaders in the community who are principals of change in an effort to better protect our communities and corporations from attacks against their critical infrastructures.
The subject-matter experts of the ITTC seek to share information that will assist in the discovery, development, deployment, and due diligence of next-generation technologies best suited to protecting our critical infrastructures and serve our communities.
ITTC was originally created as the Identity Theft Technology Council. Subsequently, the increasing popularity of meetings with a steadily growing number of participants, together with the shared awareness of the criticality of additional cybersecurity problem areas, suggested that the scope of ITTC be broadened to its current form, as the Infosec Technology Transition Council (thereby preserving the original acronym.)
Recent meetings have included talks by current and former government officials, FBI, Secret Service, legal experts, and members of the research and development communities. Topics of interest include discussions of innovative relevant developments such as IronKey, Secure64, Komoku, Stanford’s Password Hash and other anti-spam and anti-Phishing approaches, Stanford/Coverity/Semantec’s Vulnerability Discovery and Remediation Tool, Endeavor Systems’ botnet detection and Solidcore’s malware identification (both now acquired by McAfee), SRI’s Malware Threat Center and the Cyber Threat Analytics efforts, and the Conficker Working Group, to name just a few. The ITTC meeting on February 4, 2010 included a panel on Digital Forensics, and talks by Bill Arbaugh (R&DTechnical Transfer: A Worked Example) based on his experience with Komoku’s bootload integrity (now embedded in new Microsoft releases), and General Michael Hayden, former director of NSA and CIA (How Much Do We Really Know and Understand About Threats in the Cyber Age?). The ITTC meeting on June 2, 2010 included talks by Phil Porras, Jeff Moss, David Dagon, and Richard Marshall.
Reports on Crimeware and Online Identity Theft
The following reports provide vendor-independent overviews of current attacks and countermeasures in a format that is technically accurate while still easy to comprehend for a wide audience. They were created under the aegis of ITTC, DHS, and SRI International.
- The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond, Aaron Emigh, September 2006
- Online Identity Theft: Phishing Technology, Chokepoints and Countermeasures, Aaron Emigh, October 2005
Article on Technology Transfer
An article by Doug Maughan is of particular relevance to ITTC participants, and especially those related to research.
- Tech Transfer: Crossing the “Valley of Death”: Transitioning Research into Commercial Products, W. Douglas Maughan, Proceedings of the IEEE Symposium on Security and Privacy, May 17-19, 2010.